Toolbars... many



Hello HJT crew,

The browsers (IE, FF) on this PC had a lot of toolbars (babylon, qword, and some others). Also the start page could not be changed.

I managed to get rid of them using CCleaner, Emsisoft Anti-Malware, SUPERAntiSpyware and PC Matic.

Maybe there are still leftovers, or other malware on this computer. Please take a look at the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:45:28, on 30/10/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} (VersionControl Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe

O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 9528 bytes


Hello gagaman :adios:

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Let's see what the following scans can tell us:

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • Please scan your system with GMER

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...

      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please post the DDS logs and the GMER log in your next reply. If you encounter any problems with the scans come back and let me know.


Hello Jontom,

Thanks for taking a look at this.

The requested logs:

DDS-log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer:

Run by mama at 9:51:24 on 2011-11-01

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2599 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.be/

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"

mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

mRun: [uVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe

mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"

mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe

mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\mama\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

TCP: Interfaces\{4F52C767-993D-4BB5-AE28-5E54599325CC} : DhcpNameServer = 195.130.131.132 195.130.130.4

TCP: Interfaces\{57CC1820-8280-407F-8BB2-EB8E5714DF5F} : DhcpNameServer = 195.130.130.4 195.130.131.4

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mama\application data\mozilla\firefox\profiles\hefq8rku.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl9b6688ef;MpKsl9b6688ef;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}\MpKsl9b6688ef.sys [2011-11-1 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-14 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-6-12 116608]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-6-13 3045688]

R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2011-10-30 29411]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-11 54752]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-22 47640]

R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2011-10-30 779136]

S1 MpKsl2a03b60a;MpKsl2a03b60a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7262ea36-dceb-49b7-87ab-3885ae2c843c}\mpksl2a03b60a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7262ea36-dceb-49b7-87ab-3885ae2c843c}\MpKsl2a03b60a.sys [?]

S1 MpKslb124d8ed;MpKslb124d8ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bff251-6282-460b-b669-266224a92bb0}\mpkslb124d8ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bff251-6282-460b-b669-266224a92bb0}\MpKslb124d8ed.sys [?]

S1 MpKsld0e9bdc2;MpKsld0e9bdc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70379d85-e50b-44ff-86e2-cfc904337769}\mpksld0e9bdc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70379d85-e50b-44ff-86e2-cfc904337769}\MpKsld0e9bdc2.sys [?]

S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-6-13 73728]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-22 1691480]

S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2011-10-30 126976]

S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2011-10-30 40960]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-10-30 91816]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 12872]

S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\drivers\SmiUsbGrabber3C.sys [2011-8-10 805632]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-11-01 08:44:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}\MpKsl9b6688ef.sys

2011-11-01 08:44:39 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}\offreg.dll

2011-10-30 20:44:37 388096 ----a-r- c:\documents and settings\mama\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-10-30 20:44:36 -------- d-----w- c:\program files\Trend Micro

2011-10-30 17:26:21 -------- d--h--r- c:\documents and settings\mama\Onlangs geopend

2011-10-30 16:56:16 -------- d-----w- c:\documents and settings\all users\application data\PCPitstopDat

2011-10-30 16:41:29 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}\mpengine.dll

2011-10-30 06:16:16 48640 ----a-w- c:\windows\system32\ANPD64.SYS

2011-10-30 06:16:16 34008 ----a-w- c:\windows\system32\ANPD.VXD

2011-10-30 06:16:16 315392 ----a-w- c:\windows\system32\ANPDApi.dll

2011-10-30 06:16:16 29411 ----a-w- c:\windows\system32\ANPD.SYS

2011-10-30 06:15:34 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys

2011-10-30 06:15:33 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2011-10-30 06:15:32 -------- d-----w- c:\program files\D-Link

2011-10-19 14:31:15 -------- d-----w- c:\documents and settings\all users\application data\HEMA Fotoservice

2011-10-19 14:31:13 -------- d-----w- c:\program files\HEMA Fotoservice

2011-10-13 17:56:57 -------- d-----w- c:\documents and settings\all users\application data\tmp

2011-10-13 17:56:56 -------- d-----w- c:\documents and settings\all users\application data\hps

2011-10-13 17:55:38 -------- d-----w- c:\program files\bol.com

.

==================== Find3M ====================

.

2011-10-30 17:56:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-08 06:50:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-08 06:50:36 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-08 06:50:35 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-08 06:50:35 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-26 09:41:44 614912 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:44 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12:05 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:09:57 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:41:22 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:41:20 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:41:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:58:28 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-13 12:00:22 61244 ----a-w- c:\windows\system32\x264vfw-uninstall.exe

.

============= FINISH: 9:51:34,26 ===============

Attach-log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 22/05/2009 9:01:14

System Uptime: 1/11/2011 9:44:14 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5QL PRO

Processor: Intel Pentium III Xeon-processor | LGA775 | 2997/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 31,241 GiB free.

D: is FIXED (NTFS) - 152 GiB total, 128,687 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP867: 30/10/2011 21:44:35 - Installed HiJackThis

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 - Nederlands

Adobe Shockwave Player 11.5

AMCap

Any Video Converter 3.1.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian Director

Assassin's Creed

ASUS nVidia Driver

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

µTorrent

AviSynth 2.5

Beveiligingsupdate voor Microsoft Windows (KB2564958)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)

Beveiligingsupdate voor Windows Media Encoder (KB2447961)

Beveiligingsupdate voor Windows XP (KB2536276-v2)

Beveiligingsupdate voor Windows XP (KB2562937)

Beveiligingsupdate voor Windows XP (KB2566454)

Beveiligingsupdate voor Windows XP (KB2567053)

Beveiligingsupdate voor Windows XP (KB2567680)

Beveiligingsupdate voor Windows XP (KB2570222)

Beveiligingsupdate voor Windows XP (KB2570947)

Beveiligingsupdate voor Windows XP (KB2592799)

Beveiligingsupdate voor Windows XP (KB923789)

bol.com fotoservice

Bonjour

Call of Duty® - World at War

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.3 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® 2

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Canon MP495 series MP Drivers

CCleaner

Click to Call with Skype

Conduit Engine

D-Link DWA-125

DScaler 4.1.15

Emsisoft Anti-Malware 5.1

EPU-4 Engine

Fraps

Free Audio Dub version 1.7.7

Free Studio version 5.0.8

Free Video Dub version 1.8

Free Video to MP3 Converter version 4.1

Free YouTube Download 2.10

GoGear ARIA Device Manager

Google Chrome

Google Earth

Google Update Helper

HEMA Fotoservice

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)

Hotfix voor Windows XP (KB2570791)

HP-software voor foto- en beeldbewerking 2.0 - All-in-One

HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma

HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200

hp psc 1200 series

Huffyuv AVI lossless video codec (Remove Only)

ijji - Gunz

ijji REACTOR

Info Center 1.0.0.7

InterVideo WinDVR 3

iTunes

Java 6 Update 16

Junk Mail filter update

Lame ACM MP3 Codec

LimeWire 5.1.3

LogMeIn

Media Converter for Philips

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Dutch Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Antimalware

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft LifeCam

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel Viewer

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (Dutch) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Mozilla Firefox 4.0.1 (x86 nl)

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Paint.NET v3.5.8

PC Matic 1.1.0.44

PhotoScape

PowerISO

PSP Video 9 6

PunkBuster Services

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revo Uninstaller 1.92

Safari

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

Skype™ 5.5

SMI Grabber Device

Soldier Front

Spybot - Search & Destroy

SpywareBlaster 4.2

SpywareGuard v2.2

Steam

Sudoku Beginner

SUPERAntiSpyware Free Edition

System Requirements Lab

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Ulead VideoStudio SE DVD

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Update voor Windows XP (KB2607712)

Update voor Windows XP (KB2616676)

Videora iPod touch Converter 6

WebFldrs XP

Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 1.0.0.36)

Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621)

Windows-stuurprogrammapakket - Realtek Semiconductor Corp. HD Audio Driver (12/25/2009 5.10.0.6013)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.0.2

WinRAR

Wolfenstein - Enemy Territory

x264vfw - H.264/MPEG-4 AVC codec (remove only)

Xfire (remove only)

YouSendIt Express

YouTube Downloader 2.5.3

YouTube Downloader App 3.00

.

==== End Of File ===========================

 

 

Gmer-log

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-11-01 11:41:29

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD322HJ rev.1AG01113

Running: gmer.exe; Driver: C:\DOCUME~1\mama\LOCALS~1\Temp\pxlcypog.sys



---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73C5380, 0x550AF5, 0xE8000020]

? C:\DOCUME~1\mama\LOCALS~1\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417552C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 41755334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4175519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 417551FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 417553FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 4175525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417552C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 41755334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4175519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 417551FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 417553FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 4175525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 4165DBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3488] ole32.dll!OleLoadFromStream 774E981B 5 Bytes JMP 417556FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1} 0 bytes

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\mpasbase.vdm 13884592 bytes executable

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\mpasdlta.vdm 868872 bytes executable

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\mpavbase.vdm 47947952 bytes executable

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\mpavdlta.vdm 1460232 bytes executable

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\mpengine.dll 6668624 bytes

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys 28752 bytes executable <-- ROOTKIT !!!

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\offreg.dll 56200 bytes executable

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.67 84844544 bytes

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.80 8318976 bytes

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.87 1052672 bytes

---- Services - GMER 1.0.15 ----

Service C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys [sYSTEM] MpKsl9b6688ef <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Hello gagaman

 

Thank you for the logs.

  • P2P Programs:

  • P2P programs are a major source of Malware infections.
  • From your log I see you have µTorrent and LimeWire 5.1.3. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.
  • Information regarding the risk of using these programs can be found from here and here.
  • It is strongly recommended that you uninstall any P2P programs you have on your system.
  • To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
  • A list of currently installed programs will be displayed.
  • Find each program, click on it once and then click on the "Remove" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.

     

     

    PLEASE NOTE:

  • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

Besides the toolbar issues you described, is the machine displaying any other noticeable symptoms (redirects, popups, error messages, etc.)?

 

Let's take a closer look at the following file:

  • Please scan the following files

  • Please go to VirusTotal
  • On the page you'll find a "Browse" button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys

 

 

  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.
There are no toolbars showing in your DDS log but I can see some remnants of Babylon (it is set as your default browser search tool for Firefox). If you would like this removed let me know.

 

Please post the link to the VT scan page in your next reply then we'll continue :)
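
As an added illustration (not part of the original post, and not a tool used in this thread): search-hijack remnants like the Babylon setting mentioned above are stored in the Firefox profile's prefs.js as `user_pref(...)` lines. The Python sketch below lists search-related preferences whose value names a given product or points at a host outside an allowlist; the sample text is constructed from the preference values in this thread's OTL log, and the function names, marker list and allowlist are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js entry looks like: user_pref("name", <JS literal>);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preferences that decide where searches and the start page go.
SEARCH_KEYS = ("browser.search.", "keyword.URL", "browser.startup.homepage")

# Constructed prefs.js text, built from the values shown in this thread's OTL log.
SAMPLE_PREFS = '''\
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=");
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line, in file order."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        try:
            # Strings, booleans and integers in prefs.js are valid JSON literals.
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not
    return prefs


def audit_prefs(text, markers=("babylon",), allowed_hosts=("google.be",)):
    """List (name, value, reason) for search prefs that need a second look."""
    findings = []
    for key, value in parse_prefs(text).items():
        if not key.startswith(SEARCH_KEYS) or not isinstance(value, str):
            continue
        hit = next((m for m in markers if m.lower() in value.lower()), None)
        if hit:
            findings.append((key, value, f"value names '{hit}'"))
            continue
        url = urlparse(value)
        host = url.hostname
        if url.scheme in ("http", "https") and host and not any(
            host == a or host.endswith("." + a) for a in allowed_hosts
        ):
            findings.append((key, value, f"host {host} not in allowlist"))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{key}: {reason}")
```

With an empty marker list the host rule alone still reports the two URL-valued preferences, which is the useful case when the product name is not known in advance.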

 


Hi JonTom, The computer belongs to a friend of mine. I think her kids installed that p2p and torrent software. I uninstalled it. I will pass your remarks about p2p over to them.

 

I did not find the file you mentioned above to be analyzed by virustotal. On that location I did find a file with the same extension: MpKslbcf0fce7.sys. So I uploaded that. Here is the link: http://www.virustota...5c6e-1320225890

 

And I wish to get rid of the remnants of Babylon ;)

 

The pc is behaving quite well. No popups or errors showing up now.

 

thanks, gagaman


Hello gagaman

 

On that location I did find a file with the same extension: MpKslbcf0fce7.sys

That's the same extension, but a different file.

 

The file I wanted scanned was being flagged by GMER:

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys [sYSTEM] MpKsl9b6688ef <-- ROOTKIT !!!

Did you paste it directly into VT as instructed? (It sounds as though you tried to locate it manually).

 

The file may very well be a false positive since it appears to be a malware definitions file for MSE, and also since you mention that the machine is not being redirected when browsing etc.

 

And I wish to get rid of the remnants of Babylon ;)

Let's take care of it using OTL:

  • Download and run OTL by Oldtimer

  • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
  • Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
  • Check the boxes beside "LOP Check" and "Purity Check".
  • Under Custom Scan paste this in:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.exe

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.jpg

%systemroot%\*.png

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\bak. /s

%systemroot%\system32\bak. /s

%ALLUSERSPROFILE%\Start Menu\*.lnk /x

%systemroot%\system32\config\systemprofile\*.dat /x

%systemroot%\*.config

%systemroot%\system32\*.db

%PROGRAMFILES%\Internet Explorer\*.dat

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

%USERPROFILE%\Desktop\*.exe

%PROGRAMFILES%\Common Files\*.*

%systemroot%\*.src

%systemroot%\install\*.*

%systemroot%\system32\DLL\*.*

%systemroot%\system32\HelpFiles\*.*

%systemroot%\system32\rundll\*.*

%systemroot%\winn32\*.*

%systemroot%\Java\*.*

%systemroot%\system32\test\*.*

%systemroot%\system32\Rundll32\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

/md5start

iexplore.*

explorer.*

winlogon.*

dll

zx.dll

hlp.dat

/md5stop

  • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
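
The false-positive reasoning in the post above can be checked mechanically. The following Python sketch is an added example, not part of the original post and not code from GMER or OTL: Microsoft's antimalware engine loads a short-lived kernel driver named MpKsl followed by eight hex digits from its Definition Updates folder, which is consistent with the three different names seen in this thread. The script takes GMER `<-- ROOTKIT !!!` lines and OTL `DRV -` lines and separates flagged drivers that fit that exact path pattern from ones that do not; log lines are taken from this thread with path separators restored, two are constructed, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Expected location of the antimalware helper driver, as seen in this thread:
# ...\Microsoft Antimalware\Definition Updates\{GUID}\MpKsl<8 hex digits>.sys
MPKSL_RE = re.compile(
    r"\\Microsoft\\Microsoft Antimalware\\Definition Updates\\"
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\"
    r"(MpKsl[0-9A-F]{8})\.sys$",
    re.IGNORECASE,
)
GMER_FLAG_RE = re.compile(
    r"^(?:File|Service)\s+(.+?\.sys)\b.*<-- ROOTKIT !!!\s*$", re.IGNORECASE
)
OTL_DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \((.*?)\) \[[^\]]*\] -- (.+?\.sys) -- \((\w+)\)",
    re.IGNORECASE,
)

DEFS = (r"C:\Documents and Settings\All Users\Application Data\Microsoft"
        r"\Microsoft Antimalware\Definition Updates")

GMER_LINES = [
    "File " + DEFS + r"\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys"
    " 28752 bytes executable <-- ROOTKIT !!!",
    "Service " + DEFS + r"\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys"
    " [sYSTEM] MpKsl9b6688ef <-- ROOTKIT !!!",
    # Constructed: right name shape, wrong folder. The name alone proves nothing.
    r"Service C:\WINDOWS\Temp\MpKsl12345678.sys [SYSTEM] MpKsl12345678 <-- ROOTKIT !!!",
    # Constructed: unrelated flagged driver.
    r"Service C:\WINDOWS\system32\drivers\examplehook.sys [SYSTEM] examplehook <-- ROOTKIT !!!",
]
OTL_LINES = [
    "DRV - [2011/11/03 06:59:39 | 000,028,752 | ---- | M] (Microsoft Corporation)"
    " [Kernel | System | Running] -- "
    + DEFS + r"\{01BAA76E-C68A-4F4A-9B66-DF535EDC036E}\MpKsl4db32db8.sys"
    " -- (MpKsl4db32db8)",
    "DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M]"
    " (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running]"
    r" -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)",
]


@dataclass
class Finding:
    path: str
    verdict: str
    note: str


def mpksl_name(path):
    """Return the driver name if the full path fits the expected pattern."""
    m = MPKSL_RE.search(path)
    return m.group(1) if m else None


def triage(gmer_lines, otl_lines=()):
    """Classify every driver GMER flagged, once per distinct path."""
    loaded = {}  # driver path -> company name, from the OTL driver list
    for line in otl_lines:
        m = OTL_DRV_RE.match(line.strip())
        if m:
            loaded[m.group(2)] = m.group(1)

    findings, seen = [], set()
    for line in gmer_lines:
        m = GMER_FLAG_RE.match(line.strip())
        if not m or m.group(1).lower() in seen:
            continue
        path = m.group(1)
        seen.add(path.lower())
        if mpksl_name(path) is None:
            findings.append(Finding(path, "investigate",
                                    "outside the antimalware driver path pattern"))
            continue
        # A later log showing the same pattern under another random name,
        # attributed to Microsoft, supports the transient-driver explanation.
        rotated = sorted(mpksl_name(p) for p, company in loaded.items()
                         if p.lower() != path.lower() and mpksl_name(p)
                         and company == "Microsoft Corporation")
        note = "fits the antimalware driver path pattern"
        if rotated:
            note += "; same pattern seen later as " + ", ".join(rotated)
        findings.append(Finding(path, "likely-transient-av-driver", note))
    return findings


if __name__ == "__main__":
    for f in triage(GMER_LINES, OTL_LINES):
        print(f.verdict, "|", f.path, "|", f.note)
```

A `likely-transient-av-driver` verdict is a triage hint only; the file that is actually present should still be scanned or have its signature checked, as the thread goes on to do.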

That's the same extension, but a different file.

 

The file I wanted scanned was being flagged by GMER:

 

 

 

Did you paste it directly into VT as instructed? (It sounds as though you tried to locate it manually).

 

Hello Jontom,

 

With copy/paste I got a message that the path to the file was wrong. Check the filename. After that I navigated manually to that map and did not find the file.

 

The requested logs:

 

OTL.Txt

 

OTL logfile created on: 3/11/2011 7:10:37 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mama\Bureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = )

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

 

3,25 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 80,21% Memory free

5,09 Gb Paging File | 4,58 Gb Available in Paging File | 89,96% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146,48 Gb Total Space | 32,46 Gb Free Space | 22,16% Space Free | Partition Type: NTFS

Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS

 

Computer Name: FRANCINE | User Name: mama | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mama\Bureaublad\OTL.exe

PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe

PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe

PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe

PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe

PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:\WINDOWS\system32\ANPDApi.dll

MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\wlanapp.dll

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

MOD - [2008/04/15 09:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll

MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll

MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll

MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe

MOD - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe

MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll

MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)

SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)

SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/11/03 06:59:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01BAA76E-C68A-4F4A-9B66-DF535EDC036E}\MpKsl4db32db8.sys -- (MpKsl4db32db8)

DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANPD.SYS -- (ANPD)

DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)

DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmiUsbGrabber3C.sys -- (SMIGrabber3C)

DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)

DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)

DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)

DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)

DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)

DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)

DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q="

 

FF - [email protected]/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - [email protected]/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - [email protected]/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - [email protected]/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - [email protected]/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - [email protected]/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - [email protected]/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/30 16:01:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins



[2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mama\Application Data\Mozilla\Extensions

[2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mama\Application Data\Mozilla\Firefox\Profiles\hefq8rku.default\extensions

[2011/06/12 20:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/05/22 09:53:49 | 000,000,000 | ---D | M] (QuestScan) -- C:Program FilesMozilla Firefoxextensions{F0E1168A-B4B5-484C-B77E-0D28E6B64096}

[2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF

[2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION

[2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml

[2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml

[2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml

[2010/01/01 09:00:00 | 000,001,111 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml

[2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program FilesiTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0

CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0

 

O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 16309 more lines...

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.)

O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation)

O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe ()

O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.)

O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation)

O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.)

O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service)

O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found

O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ()

O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe ()

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend

[2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW

[2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW

[2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer

[2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer

[2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis

[2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop

[2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC

[2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads

[2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link

[2011/10/30 07:15:34 | 000,779,136 | ---- | C] (Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys

[2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll

[2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link

[2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice

[2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice

[2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp

[2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps

[2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice

[2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

[1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/03 07:06:33 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/03 07:06:24 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/03 07:06:01 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2011/11/03 07:06:00 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job

[2011/11/03 07:05:59 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/11/03 07:05:59 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/03 07:05:59 | 000,000,276 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/11/03 07:04:41 | 000,000,424 | -H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job

[2011/11/03 07:03:42 | 000,706,232 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat

[2011/11/03 07:03:42 | 000,607,070 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2011/11/03 07:03:42 | 000,185,908 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat

[2011/11/03 07:03:42 | 000,143,122 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2011/11/03 07:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job

[2011/11/03 06:59:29 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladSafari.lnk

[2011/10/30 18:25:42 | 000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk

[2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk

[2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat

[2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url

[2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk

[2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIRfsClientNP.dll

[2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll

[2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

[1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:16:16 | 000,315,392 | ---- | C] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat

[2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll

[2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll

[2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll

[2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll

[2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe

[2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini

[2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll

[2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll

[2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc

[2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini

[2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat

[2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat

[2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll

[2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat

[2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- C:WINDOWSSystem32ezsidmv.dat

[2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini

[2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- C:WINDOWSSystem32nvdata.bin

[2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll

[2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe

[2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat

[2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys

[2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe

[2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe

[2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe

[2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI

[2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll

[2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt

[2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys

[2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat

[2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat

[2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat

[2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll

[2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys

[2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp64.sys

[2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys

[2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- C:WINDOWSAscd_log.ini

[2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys

[2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini

[2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS

[2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll

[2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe

[2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll

[2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe

[2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll

[2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll

[2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe

[2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelFrench.dll

[2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll

[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll

[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin

[2004/08/04 13:00:00 | 000,706,232 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat

[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat

[2004/08/04 13:00:00 | 000,607,070 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat

[2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat

[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat

[2004/08/04 13:00:00 | 000,185,908 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat

[2004/08/04 13:00:00 | 000,143,122 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat

[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin

[2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat

[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat

[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat

[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat

[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin

[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys

 

========== LOP Check ==========

 

[2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119

[2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataActivision

[2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess

[2011/08/10 19:26:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ

[2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO

[2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure

[2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo

[2011/11/03 06:59:36 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn

[2011/11/03 07:06:22 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop

[2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP

[2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp

[2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft

[2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems

[2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/11/08 09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision

[2011/04/12 21:32:42 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataBabylonToolbar

[2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi

[2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft

[2011/06/12 20:49:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataPriceGong

[2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems

[2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job

[2011/11/03 07:04:41 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.* >

[2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT

[2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin

[2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS

[2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log

[2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml

[2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log

[2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat

[2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif

[2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS

[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM

[2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr

[2011/11/03 06:59:24 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys

[2009/05/22 08:07:45 | 000,001,589 | ---- | M] () -- C:RHDSetup.log

 

< %systemroot%Fonts*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont

[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

 

< %systemroot%Fonts*.ini >

[2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

[2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL

[2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll

[2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll

[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

[2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR

[1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

[2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >

 

< %ALLUSERSPROFILE%Start Menu*.lîk /x >

 

< %systemroot%system32configsystemprofile*.dat /x >

 

< %systemroot%*.config >

 

< %systemroot%system32*.db >

 

< %PROGRAMFILES%Internet Explorer*.dat >

 

< %APPDATA%MikzosoftInternet ExplorerQuick Launch*.lnk /x >

 

< %USERPROFILE%Deskuop*.exe >

 

< %PROGRAMFILES%Common Files*.* >

 

< %systemroot%*.src >

[2007/04/10 22:46:53 | 000,013,023 | ---- | M] () -- C:WINDOWSVX1000.src

[1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

 

< %systemroot%install*.* >

 

< %systemroot%system32DLL*.* >

 

< %systemroot%system32HelpFiles*.* >

 

< %systemroot%system32rundll*.* >

 

< %systemroot%winn32*.* >

 

< %systemroot%Java*.* >

 

< %systemroot%system32test*.* >

 

< %systemroot%system32Rundll32*.* >

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime: 2011-10-14 06:01:59

 

 

< MD5 for: EXPLORER.EXE >

[2004/08/04 13:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=A1D7304A87FC3093150F5E3CC7B0F338 -- C:WINDOWS$NtServicePackUninstall$explorer.exe

[2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:WINDOWSexplorer.exe

[2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:WINDOWSServicePackFilesi386explorer.exe

 

< MD5 for: EXPLORER.EXE-082F38A9.PF >

[2011/11/03 07:06:16 | 000,133,228 | ---- | M] () MD5=EF2588AEAF4EB23E279B74BF9CFAF701 -- C:WINDOWSPrefetchEXPLORER.EXE-082F38A9.pf

 

< MD5 for: EXPLORER.SCF >

[2004/08/04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:WINDOWSexplorer.scf

 

< MD5 for: IEXPLORE.CHM >

[2009/02/26 02:51:16 | 000,579,272 | ---- | M] () MD5=63E0C6D9070736AAAD95791A8C028E86 -- C:WINDOWSHelpiexplore.chm

[2004/08/04 13:00:00 | 000,226,342 | ---- | M] () MD5=8CBC2453EBF6EE5AC54027A9F8CB0D42 -- C:WINDOWSie8iexplore.chm

 

< MD5 for: IEXPLORE.EXE >

[2008/04/14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:WINDOWSie8iexplore.exe

[2008/04/14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation


Extra.TXT

 

 

OTL Extras logfile created on: 3/11/2011 7:10:37 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = )

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

 

3,25 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 80,21% Memory free

5,09 Gb Paging File | 4,58 Gb Available in Paging File | 89,96% Paging File free

Paging file location(s): C:pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 146,48 Gb Total Space | 32,46 Gb Free Space | 22,16% Space Free | Partition Type: NTFS

Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS

 

Computer Name: FRANCINE | User Name: mama | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [bol.com fotoservice] -- "C:Program Filesbol.combol.com fotoservicebol.com fotoservice.exe" "%1"

Directory [CEWE Fotoshow] -- "C:Program Filesbol.combol.com fotoserviceCEWE Fotoshow.exe" -d "%1" ()

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]

"Start" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1620:UDP" = 1620:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)

"1621:UDP" = 1621:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)

"1624:UDP" = 1624:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

"C:Program FilesBearShare ApplicationsBearShareBearShare.exe" = C:Program FilesBearShare ApplicationsBearShareBearShare.exe:*:Enabled:BearShare

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

"C:Program FilesAVGAVG8avgemc.exe" = C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe

"C:Program FilesAVGAVG8avgupd.exe" = C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe

"C:Program FilesAVGAVG8avgnsx.exe" = C:Program FilesAVGAVG8avgnsx.exe:*:Enabled:avgnsx.exe

"C:WINDOWSDownloaded Program FilesPurpleBean.exe" = C:WINDOWSDownloaded Program FilesPurpleBean.exe:*:Enabled:PurpleBean.exe -- ()

"C:ijjiENGLISHu_sfsoldierfront.exe" = C:ijjiENGLISHu_sfsoldierfront.exe:*:Disabled:soldierfront -- ()

"C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)

"C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)

"C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)

"C:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe" = C:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe:*:Enabled:Call of Duty® - World at War -- (Activision Blizzard, Inc.)

"C:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe" = C:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe:*:Enabled:Call of Duty® - World at War -- (Activision Blizzard, Inc.)

"C:WINDOWSDownloaded Program FilesijjiOptimizer.exe" = C:WINDOWSDownloaded Program FilesijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()

"C:Program FilesMicrosoft LifeCamLifeCam.exe" = C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:Program FilesMicrosoft LifeCamLifeExp.exe" = C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:Program FilesSkypePlugin ManagerskypePM.exe" = C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager

"C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe" = C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()

"C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe" = C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()

"C:Program FilesGoogleGoogle Earthclientgoogleearth.exe" = C:Program FilesGoogleGoogle Earthclientgoogleearth.exe:*:Enabled:Google Earth -- (Google)

"C:Program FilesWolfenstein - Enemy TerritoryET.exe" = C:Program FilesWolfenstein - Enemy TerritoryET.exe:*:Enabled:ET -- ()

"C:Program FilesBearShare ApplicationsBearShareBearShare.exe" = C:Program FilesBearShare ApplicationsBearShareBearShare.exe:*:Enabled:BearShare

"C:Program FilesSafariSafari.exe" = C:Program FilesSafariSafari.exe:*:Enabled:Safari -- (Apple Inc.)

"C:Program FilesActivisionCall of Duty 2CoD2MP_s.exe" = C:Program FilesActivisionCall of Duty 2CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()

"C:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe" = C:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld

"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch

"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3

"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 16

"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch

"{2C86B1A6-B82C-4C3F-B6E8-C00C20D512A1}" = Sudoku Beginner

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer

"{41DFDD57-21B7-4C48-8C75-FFB35696CA8B}" = Windows Live Toolbar

"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists

"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma

"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes

"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD

"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12

"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007

"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007

"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007

"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007

"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007

"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007

"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007

"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007

"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007

"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007

"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{95120000-003F-0413-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP-software voor foto- en beeldbewerking 2.0 - All-in-One

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver

"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16

"{AC76BA86-7AD7-1043-7B44-A91000000001}" = Adobe Reader 9.1 - Nederlands

"{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI Grabber Device

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C06B9160-52A1-4453-B7BC-206EFB0C7F3A}" = Samsung PC Studio 3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series

"{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}" = Windows Live Family Safety

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War

"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX

"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips

"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD

"{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack

"5D26283FF35ECB8C8F1198F7E3C1F10046EC11A4" = Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621)

"68B5B659620BA71C88432828271F056F69D0C6DE" = Windows-stuurprogrammapakket - Realtek Semiconductor Corp. HD Audio Driver (12/25/2009 5.10.0.6013)

"6E5E9FF67691504D438CA4136E168A96A4E4FFC0" = Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 1.0.0.36)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AMCap" = AMCap

"Any Video Converter_is1" = Any Video Converter 3.1.1

"Applian Director2.1" = Applian Director

"AviSynth" = AviSynth 2.5

"bol.com fotoservice" = bol.com fotoservice

"CCleaner" = CCleaner

"conduitEngine" = Conduit Engine

"DScaler 4.1.15_is1" = DScaler 4.1.15

"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Audio Dub_is1" = Free Audio Dub version 1.7.7

"Free Studio_is1" = Free Studio version 5.0.8

"Free Video Dub_is1" = Free Video Dub version 1.8

"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1

"Free YouTube Download_is1" = Free YouTube Download 2.10

"Google Chrome" = Google Chrome

"Gunz" = ijji - Gunz

"HEMA Fotoservice_is1" = HEMA Fotoservice

"HP PSC 1200 Series" = HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200

"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)

"ie8" = Windows Internet Explorer 8

"Info Center_is1" = Info Center 1.0.0.7

"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express

"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"LameACM" = Lame ACM MP3 Codec

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl)

"NVIDIA Drivers" = NVIDIA Drivers

"PC Matic_is1" = PC Matic 1.1.0.44

"PhotoScape" = PhotoScape

"PowerISO" = PowerISO

"PSP Video 9" = PSP Video 9 6

"PunkBusterSvc" = PunkBuster Services

"Revo Uninstaller" = Revo Uninstaller 1.92

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SpywareBlaster_is1" = SpywareBlaster 4.2

"SpywareGuard_is1" = SpywareGuard v2.2

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"SystemRequirementsLab" = System Requirements Lab

"Uninstall_is1" = Uninstall 1.0.0.1

"Videora iPod touch Converter" = Videora iPod touch Converter 6

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.0.2

"WinRAR archiver" = WinRAR

"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)

"Xfire" = Xfire (remove only)

"YouTube Downloader App" = YouTube Downloader App 3.00

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 1/11/2011 4:48:49 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011

Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de

WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie

Gegevens.

 

Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011

Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de

WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie

Gegevens.

 

Error - 2/11/2011 9:14:17 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 2/11/2011 9:14:18 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 2/11/2011 9:14:18 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011

Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de

WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie

Gegevens.

 

Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012

Description = De prestatietekenreeksen in de waarde van de registersleutel Performance

worden beschadigd bij het verwerken van de Performance extension counter provider.

De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in

de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp

de derde DWORD.

 

Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011

Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de

WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie

Gegevens.

 

[ OSession Events ]

Error - 2/06/2009 15:19:05 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2/06/2009 15:19:33 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2/06/2009 15:19:55 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 13/07/2009 5:40:04 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 13/07/2009 5:40:10 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 6/04/2011 11:12:26 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 3/06/2011 12:49:47 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 3/06/2011 16:16:19 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 3/06/2011 16:16:30 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 1/09/2011 13:58:16 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2069

seconds with 1320 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 30/10/2011 11:00:59 | Computer Name = FRANCINE | Source = DCOM | ID = 10005

Description = DCOM kreeg foutmelding '%1084' bij het starten van de MSIServer-service

met de argumenten '' om de server {000C101C-0000-0000-C000-000000000046} te starten

 

Error - 30/10/2011 11:01:12 | Computer Name = FRANCINE | Source = DCOM | ID = 10005

Description = DCOM kreeg foutmelding '%1084' bij het starten van de MSIServer-service

met de argumenten '' om de server {000C101C-0000-0000-C000-000000000046} te starten

 

Error - 30/10/2011 11:02:51 | Computer Name = FRANCINE | Source = DCOM | ID = 10005

Description = DCOM kreeg foutmelding '%1084' bij het starten van de wuauserv-service

met de argumenten '' om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten

 

Error - 30/10/2011 11:16:56 | Computer Name = FRANCINE | Source = DCOM | ID = 10005

Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service

met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

 

Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%853 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001

Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.

Nieuwe

handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase:

%%853 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker:

NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode:

0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht

probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over

het installeren van updates en het oplossen van problemen.

 

 

< End of report >


Hello gagaman

 

After that I navigated manually to that map and did not find the file

Thank you for letting me know :)

 

Let's proceed as follows:

  • Please open OTL

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

    FF - prefs.js..browser.search.defaulturl: "http://search.babylo...search&AF=17243"

    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

    FF - prefs.js..keyword.URL: "http://search.babylo...rtrp&AF=17243="

    [2011/04/12 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\BabylonToolbar

    [2011/06/12 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\PriceGong

     

    :Commands

    [purity]

    [emptytemp]

    [emptyflash]

    [start explorer]

    [Reboot]

     

     

  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • Please perform the following scan:

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
    • Double click on the mbam-setup.exe icon to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please update your Java

    • To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
    • In the window that opens, click on the "Update" tab, and then on "Update Now".
    • Your Java should begin to update. Please follow any prompts that you receive.
  • Please run the following scan

    • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the OTL log, the MBAM log and the ESET log in your next reply :)
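A check for the Firefox search preferences that the OTL fix above removes, written as an added Python example (not part of the original post and not OTL's own code). The allowlists and the sample prefs.js are assumptions, with the sample constructed from the preference values quoted in this thread.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences named in the OTL fix in this thread, plus the start page.
URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
ENGINE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}

# Assumptions for this example: what the owner of the machine accepts.
ALLOWED_HOSTS = {"www.google.be", "www.google.com"}
ALLOWED_ENGINES = {"", "Google"}

# user_pref("name", value);  where value is a string, number or boolean literal.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample: the preference values are the ones quoted in this thread.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=");
"""


def parse_line(line):
    """Return (name, value) for one user_pref() line, or None for anything else."""
    m = PREF_LINE.match(line)
    if not m:
        return None  # comment, blank line, or not a pref statement
    try:
        return json.loads(m.group(1)), json.loads(m.group(2))
    except ValueError:
        return None  # value is not a plain string/number/boolean literal


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js text."""
    return dict(p for p in map(parse_line, text.splitlines()) if p)


def check_url_value(value):
    """Return the hosts of a (possibly '|'-separated) URL pref that are not allowed."""
    bad = []
    for part in str(value).split("|"):  # the homepage pref may hold several URLs
        part = part.strip()
        if not part or part.startswith("about:"):
            continue  # empty or browser-internal page
        host = urlsplit(part).hostname
        if host is None or host not in ALLOWED_HOSTS:
            bad.append(host or part)  # unparseable values are reported as-is
    return bad


def find_hijacks(prefs):
    """Return (name, value, reason) for each watched pref outside the allowlists."""
    findings = []
    for name in sorted(prefs):
        value = prefs[name]
        if name in URL_PREFS:
            for host in check_url_value(value):
                findings.append((name, value, "host not allowed: " + host))
        elif name in ENGINE_PREFS and value not in ALLOWED_ENGINES:
            findings.append((name, value, "search engine not allowed"))
    return findings


def strip_prefs(text, names):
    """Return the prefs.js text without the user_pref() lines for the given names."""
    kept = []
    for line in text.splitlines(keepends=True):
        parsed = parse_line(line)
        if parsed and parsed[0] in names:
            continue  # drop the flagged preference so Firefox falls back to its default
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    found = find_hijacks(parse_prefs(SAMPLE_PREFS_JS))
    for name, value, reason in found:
        print(f"{name}: {reason} ({value!r})")
    cleaned = strip_prefs(SAMPLE_PREFS_JS, {name for name, _, _ in found})
    print("findings after cleanup:", len(find_hijacks(parse_prefs(cleaned))))
```

Run it against a copy of prefs.js taken with Firefox closed, because the browser rewrites the file on exit; a user.js in the same profile would reapply its values at the next start.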

Hello JonTom,

 

Thanks for the reply. I followed your instructions. Had some problems with the esetscanner... I could not find the Posted Image button. So could not create a log. I did make a screenshot of the results. Will post it below.

 

Java is updated.

 

 

OTL-Log

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine

Prefs.js: "http://search.babylo.....rtrp&AF=17243=" removed from keyword.URL

C:\Documents and Settings\mama\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.

C:\Documents and Settings\mama\Application Data\PriceGong\Data folder moved successfully.

C:\Documents and Settings\mama\Application Data\PriceGong folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 114688 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 419 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: mama

->Temp folder emptied: 765948 bytes

->Temporary Internet Files folder emptied: 13560635 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 45340284 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 702 bytes

 

User: NetworkService

->Temp folder emptied: 6876 bytes

->Temporary Internet Files folder emptied: 857748 bytes

 

User: Nienke

 

User: Thomas

->Apple Safari cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21861 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 147094295 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 198,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: LogMeInRemoteUser

 

User: mama

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

User: Nienke

 

User: Thomas

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_143122

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

 

Malwarebytes antimalware-log

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8075

Windows 5.1.2600 Service Pack 3

Internet Explorer Unknown

3/11/2011 14:41:01

mbam-log-2011-11-03 (14-41-01).txt

Scan type: Quick scan

Objects scanned: 227763

Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 9

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Thomas\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\Thomas\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Thomas\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

 

Eset-log

 

Posted Image

Edited by gagaman

Hello gagaman

 

Thank you for the logs.

 

OTL took care of the Babylon leftovers and MBAM detected and removed some additional adware.

 

ESET looks good :)

 

How is the machine running now?

 

Please scan the machine once more with DDS and post the logs in your next reply :)


The computer is running much better now. It's a little slow at startup, but I will check the services that load at startup and disable the ones that are not necessary. Will do this after you declared this machine clean ;)

 

Here are the dds logs:

 

DDS-log

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: BrowserJavaVersion: 1.6.0_29

Run by mama at 22:02:10 on 2011-11-03

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2655 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\iPod\bin\iPodService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.be/

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"

mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

mRun: [uVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe

mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"

mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe

mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\mama\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

TCP: Interfaces{4F52C767-993D-4BB5-AE28-5E54599325CC} : DhcpNameServer = 195.130.131.132 195.130.130.4

TCP: Interfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F} : DhcpNameServer = 195.130.130.4 195.130.131.4

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:program filesspywareguardspywareguard.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:documents and settingsmamaapplication datamozillafirefoxprofileshefq8rku.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=

FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll

FF - plugin: c:program filesgoogleupdate1.3.21.79npGoogleUpdate3.dll

FF - plugin: c:program filesmicrosoft silverlight4.0.60831.0npctrlui.dll

FF - plugin: c:program filesmicrosoftoffice livenpOLW.dll

FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2010-10-24 165648]

R1 MpKsl14b6f6d3;MpKsl14b6f6d3;c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}MpKsl14b6f6d3.sys [2011-11-3 28752]

R1 SASDIFSV;SASDIFSV;c:program filessuperantispywareSASDIFSV.SYS [2009-5-14 12880]

R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-5-14 67664]

R2 !SASCORE;SAS Core Service;c:program filessuperantispywareSASCORE.EXE [2011-6-12 116608]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesemsisoft anti-malwarea2service.exe [2011-6-13 3045688]

R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [2011-10-30 29411]

R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2009-10-11 54752]

R2 LMIGuardianSvc;LMIGuardianSvc;c:program fileslogmeinx86LMIGuardianSvc.exe [2010-10-5 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:program fileslogmeinx86rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:windowssystem32driversLMIRfsDriver.sys [2009-5-22 47640]

R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:windowssystem32driversDrt2870.sys [2011-10-30 779136]

S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{7262ea36-dceb-49b7-87ab-3885ae2c843c}mpksl2a03b60a.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{7262ea36-dceb-49b7-87ab-3885ae2c843c}MpKsl2a03b60a.sys [?]

S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{56bff251-6282-460b-b669-266224a92bb0}mpkslb124d8ed.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{56bff251-6282-460b-b669-266224a92bb0}MpKslb124d8ed.sys [?]

S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{70379d85-e50b-44ff-86e2-cfc904337769}mpksld0e9bdc2.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{70379d85-e50b-44ff-86e2-cfc904337769}MpKsld0e9bdc2.sys [?]

S3 a2acc;a2acc;c:program filesemsisoft anti-malwarea2accx86.sys [2011-6-13 73728]

S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [2009-5-22 1691480]

S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesd-linkdwa-125 revaANIWZCSdS.exe [2011-10-30 126976]

S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesd-linkdwa-125 revaANIWConnService.exe [2011-10-30 40960]

S3 fsssvc;De service Windows Live Family Safety;c:program fileswindows livefamily safetyfsssvc.exe [2010-4-28 704872]

S3 gupdate;Google Updateservice (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-22 135664]

S3 gupdatem;Google Update-service (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-22 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;??c:windowssystem32driversmbamswissarmy.sys --> c:windowssystem32driversmbamswissarmy.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2007-11-6 34064]

S3 npggsvc;nProtect GameGuard Service;c:windowssystem32gamemon.des -service --> c:windowssystem32GameMon.des -service [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filespcpitstopPCPitstopScheduleService.exe [2011-10-30 91816]

S3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-5-14 12872]

S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [2011-8-10 805632]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-11-03 21:01:53 28752 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}MpKsl14b6f6d3.sys

2011-11-03 21:01:50 56200 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}offreg.dll

2011-11-03 21:01:40 6668624 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}mpengine.dll

2011-11-03 13:48:47 -------- d-----w- c:program filesESET

2011-11-03 13:46:16 472808 ----a-w- c:windowssystem32deployJava1.dll

2011-11-03 13:36:14 22216 ----a-w- c:windowssystem32driversmbam.sys

2011-11-03 13:36:14 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-11-03 13:31:22 -------- d-----w- C:_OTL

2011-11-02 10:25:29 -------- d--h--r- c:documents and settingsmamaOnlangs geopend

2011-11-01 11:01:21 -------- d-----w- c:program filesSIW

2011-10-30 20:44:37 388096 ----a-r- c:documents and settingsmamaapplication datamicrosoftinstaller{45a66726-69bc-466b-a7a4-12fcba4883d7}HiJackThis.exe

2011-10-30 20:44:36 -------- d-----w- c:program filesTrend Micro

2011-10-30 16:56:16 -------- d-----w- c:documents and settingsall usersapplication dataPCPitstopDat

2011-10-30 06:16:16 48640 ----a-w- c:windowssystem32ANPD64.SYS

2011-10-30 06:16:16 34008 ----a-w- c:windowssystem32ANPD.VXD

2011-10-30 06:16:16 315392 ----a-w- c:windowssystem32ANPDApi.dll

2011-10-30 06:16:16 29411 ----a-w- c:windowssystem32ANPD.SYS

2011-10-30 06:15:34 779136 ----a-w- c:windowssystem32driversDrt2870.sys

2011-10-30 06:15:33 221184 ----a-w- c:windowssystem32RaCoInst.dll

2011-10-30 06:15:32 -------- d-----w- c:program filesD-Link

2011-10-19 14:31:15 -------- d-----w- c:documents and settingsall usersapplication dataHEMA Fotoservice

2011-10-19 14:31:13 -------- d-----w- c:program filesHEMA Fotoservice

2011-10-13 17:56:57 -------- d-----w- c:documents and settingsall usersapplication datatmp

2011-10-13 17:56:56 -------- d-----w- c:documents and settingsall usersapplication datahps

2011-10-13 17:55:38 -------- d-----w- c:program filesbol.com

.

==================== Find3M ====================

.

2011-11-02 13:11:21 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-08 06:50:36 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll

2011-10-08 06:50:36 52096 ----a-w- c:windowssystem32spoolprtprocsw32x86LMIproc.dll

2011-10-08 06:50:35 87424 ----a-w- c:windowssystem32LMIinit.dll

2011-10-08 06:50:35 30592 ----a-w- c:windowssystem32LMIport.dll

2011-10-03 01:37:52 73728 ----a-w- c:windowssystem32javacpl.cpl

2011-09-26 09:41:44 614912 ----a-w- c:windowssystem32uiautomationcore.dll

2011-09-26 09:41:44 23040 ----a-w- c:windowssystem32oleaccrc.dll

2011-09-26 09:41:20 220160 ----a-w- c:windowssystem32oleacc.dll

2011-09-09 09:12:05 602624 ----a-w- c:windowssystem32crypt32.dll

2011-09-06 14:09:57 1859072 ----a-w- c:windowssystem32win32k.sys

2011-08-22 23:41:22 916480 ----a-w- c:windowssystem32wininet.dll

2011-08-22 23:41:20 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-08-22 23:41:20 1469440 ----a-w- c:windowssystem32inetcpl.cpl

2011-08-22 11:58:28 385024 ----a-w- c:windowssystem32html.iec

2011-08-17 13:49:54 138496 ----a-w- c:windowssystem32driversafd.sys

2011-08-13 12:00:22 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe

.

============= FINISH: 22:03:20,48 ===============

 

 

Attach-log

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: DeviceHarddiskVolume1

Install Date: 22/05/2009 9:01:14

System Uptime: 3/11/2011 21:59:57 (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5QL PRO

Processor: Intel Pentium III Xeon-processor | LGA775 | 2997/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 32,311 GiB free.

D: is FIXED (NTFS) - 152 GiB total, 141,391 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP867: 30/10/2011 21:44:35 - Installed HiJackThis

RP868: 1/11/2011 9:55:20 - Software Distribution Service 3.0

RP869: 2/11/2011 10:23:05 - Revo Uninstaller's restore point - µTorrent

RP870: 2/11/2011 10:24:10 - Revo Uninstaller's restore point - LimeWire 5.1.3

RP871: 2/11/2011 10:31:54 - Software Distribution Service 3.0

RP872: 3/11/2011 7:11:53 - OTL Restore Point - 3/11/2011 7:11:49

RP873: 3/11/2011 14:45:51 - Installed Java 6 Update 29

RP874: 3/11/2011 14:53:44 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 - Nederlands

Adobe Shockwave Player 11.5

AMCap

Any Video Converter 3.1.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian Director

Assassin's Creed

ASUS nVidia Driver

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

AviSynth 2.5

Beveiligingsupdate voor Microsoft Windows (KB2564958)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)

Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)

Beveiligingsupdate voor Windows Media Encoder (KB2447961)

Beveiligingsupdate voor Windows XP (KB2536276-v2)

Beveiligingsupdate voor Windows XP (KB2562937)

Beveiligingsupdate voor Windows XP (KB2566454)

Beveiligingsupdate voor Windows XP (KB2567053)

Beveiligingsupdate voor Windows XP (KB2567680)

Beveiligingsupdate voor Windows XP (KB2570222)

Beveiligingsupdate voor Windows XP (KB2570947)

Beveiligingsupdate voor Windows XP (KB2592799)

Beveiligingsupdate voor Windows XP (KB923789)

bol.com fotoservice

Bonjour

Call of Duty® - World at War

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.3 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® 2

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Canon MP495 series MP Drivers

CCleaner

Click to Call with Skype

Conduit Engine

D-Link DWA-125

DScaler 4.1.15

Emsisoft Anti-Malware 5.1

EPU-4 Engine

ESET Online Scanner v3

Free Audio Dub version 1.7.7

Free Studio version 5.0.8

Free Video Dub version 1.8

Free Video to MP3 Converter version 4.1

Free YouTube Download 2.10

GoGear ARIA Device Manager

Google Chrome

Google Earth

Google Update Helper

HEMA Fotoservice

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)

Hotfix voor Windows XP (KB2570791)

HP-software voor foto- en beeldbewerking 2.0 - All-in-One

HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma

HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200

hp psc 1200 series

Huffyuv AVI lossless video codec (Remove Only)

ijji - Gunz

ijji REACTOR

Info Center 1.0.0.7

InterVideo WinDVR 3

iTunes

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Lame ACM MP3 Codec

LogMeIn

Malwarebytes' Anti-Malware version 1.51.2.1300

Media Converter for Philips

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Dutch Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Antimalware

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft LifeCam

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel Viewer

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (Dutch) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Mozilla Firefox 4.0.1 (x86 nl)

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Paint.NET v3.5.8

PC Matic 1.1.0.44

PhotoScape

PowerISO

PSP Video 9 6

PunkBuster Services

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revo Uninstaller 1.92

Safari

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

SIW version 2011.09.16

Skype™ 5.5

SMI Grabber Device

Soldier Front

Spybot - Search & Destroy

SpywareBlaster 4.2

SpywareGuard v2.2

Steam

Sudoku Beginner

SUPERAntiSpyware Free Edition

System Requirements Lab

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Ulead VideoStudio SE DVD

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Update voor Windows XP (KB2607712)

Update voor Windows XP (KB2616676)

Videora iPod touch Converter 6

WebFldrs XP

Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 1.0.0.36)

Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621)

Windows-stuurprogrammapakket - Realtek Semiconductor Corp. HD Audio Driver (12/25/2009 5.10.0.6013)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.0.2

WinRAR

Wolfenstein - Enemy Territory

x264vfw - H.264/MPEG-4 AVC codec (remove only)

Xfire (remove only)

YouSendIt Express

YouTube Downloader 2.5.3

YouTube Downloader App 3.00

.

==== End Of File ===========================


Hello gagaman

 

DDS is still flagging remnants of babylon even though OTL reports they were successfully removed.

 

Let's give OTL one more try. Please post another OTL scan log in your next reply (no need to post the extras.txt).


Hello JonTom,

 

I did another OTL scan... I used the same instructions as you gave in your first post about OTL, so with the custom scan lines. Hope that is what you meant :)

 

OTL-LOG

 

OTL logfile created on: 4/11/2011 17:25:04 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = )

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

 

3,25 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 81,56% Memory free

5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,84% Paging File free

Paging file location(s): C:pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 146,48 Gb Total Space | 32,33 Gb Free Space | 22,07% Space Free | Partition Type: NTFS

Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS

 

Computer Name: FRANCINE | User Name: mama | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSASCORE.EXE

PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:Program FilesEmsisoft Anti-Malwarea2service.exe

PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86ramaint.exe

PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LMIGuardianSvc.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program FilesPCPitstopInfo CenterInfoCenter.exe

PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe

PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:Program FilesPowerISOPWRISOVM.EXE

PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeIn.exe

PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:Program FilesD-LinkDWA-125 revAAirGCFG.exe

PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe

PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeInSystray.exe

PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe

PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe

PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX1000.exe

PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe

PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe

PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) -- C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe

PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSsystem32ANPDApi.dll

MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll

MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll

MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll

MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll

MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:Program FilesD-LinkDWA-125 revAwlanapp.dll

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll

MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_nl_b77a5c561934e089mscorlib.resources.dll

MOD - [2009/02/27 17:13:06 | 000,311,296 | ---- | M] () -- C:Program FilesCommon FilesAdobeAcrobatActiveXpdfshell.NLD

MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe

MOD - [2008/04/15 09:07:34 | 000,053,248 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineAsSpindownTimeout.dll

MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:WINDOWSsystem32AsIO.dll

MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:Program FilesASUSEPU-4 Enginepngio.dll

MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe

MOD - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe

MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:Program FilesSpywareGuardspywareguard.dll

MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:Program FilesSUPERAntiSpywareSASCORE.EXE -- (!SASCORE)

SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86RaMaint.exe -- (LMIMaint)

SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LogMeIn.exe -- (LogMeIn)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon)

SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWZCSdS.exe -- (D_Link_DWA-125)

SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWConnService.exe -- (D_Link_DWA-125_WPS)

SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:WINDOWSSystem32GameMon.des -- (npggsvc)

SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:Program FilesWinPcaprpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc)

SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:WINDOWSsystem32HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/11/04 17:17:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKsl9c37787a.sys -- (MpKsl9c37787a)

DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS -- (SASDIFSV)

DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32ANPD.SYS -- (ANPD)

DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:WINDOWSSystem32LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:WINDOWSSystem32driversscdemu.sys -- (SCDEmu)

DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSUPERAntiSpywareSASENUM.SYS -- (SASENUM)

DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversSmiUsbGrabber3C.sys -- (SMIGrabber3C)

DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMonfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAmbfilt.sys -- (Ambfilt)

DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:WINDOWSSystem32driversStarOpen.sys -- (StarOpen)

DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversDrt2870.sys -- (rt2870)

DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversfssfltr_tdi.sys -- (fssfltr)

DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversl1e51x86.sys -- (L1e)

DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:Program FilesLogMeInx86rainfo.sys -- (LMIInfo)

DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:WINDOWSsystem32driversLMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnmnt.sys -- (nm)

DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMPE.sys -- (MPE)

DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAsIO.sys -- (AsIO)

DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnpf.sys -- (NPF)

DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdm.sys -- (ssm_mdm)

DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdfl.sys -- (ssm_mdfl)

DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdm.sys -- (ss_mdm)

DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdfl.sys -- (ss_mdfl)

DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversVX1000.sys -- (VX1000)

DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAPLMp50.sys -- (APLMp50)

DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesDScalerDSDrv4.sys -- (DSDrv4)

DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32npptNT2.sys -- (NPPTNT2)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversASACPI.sys -- (MTsensor)

DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspfc.sys -- (pfc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.be/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data]

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243"

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q="

 

FF - [email protected]/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll ()

FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/OfficeLive,version=1.3: C:Program FilesMicrosoftOffice LivenpOLW.dll (Microsoft Corp.)

FF - [email protected]/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011/10/30 16:01:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins

 

[2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaExtensions

[2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaFirefoxProfileshefq8rku.defaultextensions

[2011/11/03 14:46:17 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions

[2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/11/03 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF

[2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION

[2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml

[2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml

[2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml

[2010/01/01 09:00:00 | 000,001,111 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml

[2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program FilesiTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0

CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0

 

O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 16309 more lines...

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.)

O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation)

O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe ()

O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.)

O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation)

O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.)

O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service)

O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found

O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ()

O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe ()

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/03 14:48:47 | 000,000,000 | ---D | C] -- C:Program FilesESET

[2011/11/03 14:46:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataSun

[2011/11/03 14:46:23 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava

[2011/11/03 14:46:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32deployJava1.dll

[2011/11/03 14:46:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaws.exe

[2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaw.exe

[2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32java.exe

[2011/11/03 14:36:18 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sMalwarebytes' Anti-Malware

[2011/11/03 14:36:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys

[2011/11/03 14:36:14 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware

[2011/11/03 14:35:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe

[2011/11/03 14:31:22 | 000,000,000 | ---D | C] -- C:_OTL

[2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend

[2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW

[2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW

[2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer

[2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer

[2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis

[2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop

[2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC

[2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads

[2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link

[2011/10/30 07:15:34 | 000,779,136 | ---- | C] (Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys

[2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll

[2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link

[2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice

[2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice

[2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp

[2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps

[2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice

[2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/04 17:23:22 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2011/11/04 17:22:26 | 000,000,424 | -H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job

[2011/11/04 17:18:10 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/04 17:18:00 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/04 17:17:38 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job

[2011/11/04 17:17:38 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/11/04 17:17:38 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/04 17:17:38 | 000,000,276 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/11/04 17:17:15 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2011/11/04 17:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job

[2011/11/03 16:40:10 | 000,039,570 | ---- | M] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG

[2011/11/03 14:36:44 | 000,707,306 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat

[2011/11/03 14:36:44 | 000,607,828 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2011/11/03 14:36:44 | 000,186,650 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat

[2011/11/03 14:36:44 | 000,143,688 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2011/11/03 14:36:18 | 000,000,784 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk

[2011/11/03 14:35:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe

[2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladSafari.lnk

[2011/10/30 18:25:42 | 000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk

[2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk

[2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat

[2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url

[2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk

[2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIRfsClientNP.dll

[2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll

[2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/03 16:40:10 | 000,039,570 | ---- | C] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG

[2011/11/03 14:36:18 | 000,000,784 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk

[2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:16:16 | 000,315,392 | ---- | C] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat

[2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll

[2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll

[2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll

[2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll

[2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe

[2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini

[2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll

[2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll

[2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc

[2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini

[2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat

[2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat

[2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll

[2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat

[2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- C:WINDOWSSystem32ezsidmv.dat

[2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini

[2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- C:WINDOWSSystem32nvdata.bin

[2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll

[2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe

[2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat

[2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys

[2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe

[2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe

[2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe

[2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI

[2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll

[2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt

[2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys

[2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat

[2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat

[2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat

[2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll

[2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys

[2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp64.sys

[2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys

[2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- C:WINDOWSAscd_log.ini

[2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys

[2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini

[2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS

[2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll

[2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe

[2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll

[2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe

[2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll

[2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll

[2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe

[2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelFrench.dll

[2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll

[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll

[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin

[2004/08/04 13:00:00 | 000,707,306 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat

[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat

[2004/08/04 13:00:00 | 000,607,828 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat

[2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat

[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat

[2004/08/04 13:00:00 | 000,186,650 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat

[2004/08/04 13:00:00 | 000,143,688 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat

[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin

[2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat

[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat

[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat

[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat

[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin

[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys

 

========== LOP Check ==========

 

[2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119

[2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataActivision

[2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess

[2011/08/10 19:26:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ

[2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO

[2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure

[2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo

[2011/11/04 16:54:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn

[2011/11/04 17:06:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop

[2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP

[2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp

[2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft

[2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems

[2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/11/08 09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision

[2011/11/03 14:31:23 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataBabylonToolbar

[2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi

[2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft

[2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems

[2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job

[2011/11/04 17:22:26 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.* >

[2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT

[2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin

[2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS

[2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log

[2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml

[2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log

[2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat

[2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif

[2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS

[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM

[2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr

[2011/11/04 17:17:11 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys

[2009/05/22 08:07:45 | 000,001,589 | ---- | M] () -- C:RHDSetup.log

 

< %systemroot%Fonts*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont

[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

 

< %systemroot%Fonts*.ini >

[2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

[2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL

[2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll

[2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll

[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

[2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

[2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >

 

< %ALLUSERSPROFILE%Start Menu*.lîk /x >

 

< %systemroot%system32configsystemprofile*.dat /x >

 

< %systemroot%*.config >

 

< %systemroot%system32*.db >

 

< %PROGRAMFILES%Internet Explorer*.dat >

 

< %APPDATA%MikzosoftInternet ExplorerQuick Launch*.lnk /x >

 

< %USERPROFILE%Deskuop*.exe >

 

< %PROGRAMFILES%Common Files*.* >

 

< %systemroot%*.src >

[2007/04/10 22:46:53 | 000,013,023 | ---- | M] () -- C:WINDOWSVX1000.src

 

< %systemroot%install*.* >

 

< %systemroot%system32DLL*.* >

 

< %systemroot%system32HelpFiles*.* >

 

< %systemroot%system32rundll*.* >

 

< %systemroot%winn32*.* >

 

< %systemroot%Java*.* >

 

< %systemroot%system32test*.* >

 

< %systemroot%system32Rundll32*.* >

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|L


Hello gagaman

 

Hope that is what you meant

That's exactly what I meant :tup:

 

Does this machine have an extra (D) drive attached?

 

Let's see if we can take care of the remnants this time (if OTL struggles we have other options available; Babylon is known to be a pain to remove):

 

  • Please open OTL

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    FF - prefs.js..browser.search.defaulturl: "http://search.babylo...search&AF=17243"
    FF - prefs.js..keyword.URL: "http://search.babylo...rtrp&AF=17243="
    [2011/11/03 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\BabylonToolbar

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    	
    
  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

After the scan has run, please update MBAM and run a full system scan.

 

Please post the OTL fix log, the MBAM log and a new OTL scan log in your next reply.


Hello JonTom,

 

Here are the requested logs:

 

OTL-FIX Log

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl

Prefs.js: "http://search.babylo...rtrp&AF=17243=" removed from keyword.URL

C:\Documents and Settings\mama\Application Data\BabylonToolbar folder moved successfully.

File rity] not found.

File ptytemp] not found.

File ptyflash] not found.

File art explorer] not found.

File boot] not found.

 

OTL by OldTimer - Version 3.2.31.0 log created on 11052011_151730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

Malwarebytes Antimalware log

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8090

Windows 5.1.2600 Service Pack 3

Internet Explorer Unknown

5/11/2011 15:33:05

mbam-log-2011-11-05 (15-33-05).txt

Scan type: Quick scan

Objects scanned: 229265

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

 

OTL scan log

 

OTL logfile created on: 5/11/2011 15:50:10 - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = )

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

 

3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 79,98% Memory free

5,09 Gb Paging File | 4,60 Gb Available in Paging File | 90,38% Paging File free

Paging file location(s): C:pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 146,48 Gb Total Space | 32,29 Gb Free Space | 22,05% Space Free | Partition Type: NTFS

Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS

 

Computer Name: FRANCINE | User Name: mama | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSASCORE.EXE

PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:Program FilesEmsisoft Anti-Malwarea2service.exe

PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86ramaint.exe

PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LMIGuardianSvc.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program FilesPCPitstopInfo CenterInfoCenter.exe

PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe

PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:Program FilesPowerISOPWRISOVM.EXE

PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeIn.exe

PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:Program FilesD-LinkDWA-125 revAAirGCFG.exe

PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe

PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeInSystray.exe

PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe

PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe

PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX1000.exe

PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe

PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe

PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) -- C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe

PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSsystem32ANPDApi.dll

MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll

MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll

MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll

MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll

MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:Program FilesD-LinkDWA-125 revAwlanapp.dll

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll

MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_nl_b77a5c561934e089mscorlib.resources.dll

MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe

MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:WINDOWSsystem32AsIO.dll

MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:Program FilesASUSEPU-4 Enginepngio.dll

MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe

MOD - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe

MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:Program FilesSpywareGuardspywareguard.dll

MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:Program FilesSUPERAntiSpywareSASCORE.EXE -- (!SASCORE)

SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware)

SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86RaMaint.exe -- (LMIMaint)

SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LogMeIn.exe -- (LogMeIn)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon)

SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWZCSdS.exe -- (D_Link_DWA-125)

SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWConnService.exe -- (D_Link_DWA-125_WPS)

SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:WINDOWSSystem32GameMon.des -- (npggsvc)

SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:Program FilesWinPcaprpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc)

SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:WINDOWSsystem32HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/11/05 15:18:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKsl366bbe98.sys -- (MpKsl366bbe98)

DRV - [2011/11/05 14:39:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKslf92cd221.sys -- (MpKslf92cd221)

DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS -- (SASDIFSV)

DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32ANPD.SYS -- (ANPD)

DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:WINDOWSSystem32LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:WINDOWSSystem32driversscdemu.sys -- (SCDEmu)

DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSUPERAntiSpywareSASENUM.SYS -- (SASENUM)

DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc)

DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversSmiUsbGrabber3C.sys -- (SMIGrabber3C)

DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMonfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAmbfilt.sys -- (Ambfilt)

DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:WINDOWSSystem32driversStarOpen.sys -- (StarOpen)

DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversDrt2870.sys -- (rt2870)

DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversfssfltr_tdi.sys -- (fssfltr)

DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversl1e51x86.sys -- (L1e)

DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:Program FilesLogMeInx86rainfo.sys -- (LMIInfo)

DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:WINDOWSsystem32driversLMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnmnt.sys -- (nm)

DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMPE.sys -- (MPE)

DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAsIO.sys -- (AsIO)

DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnpf.sys -- (NPF)

DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdm.sys -- (ssm_mdm)

DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdfl.sys -- (ssm_mdfl)

DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdm.sys -- (ss_mdm)

DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdfl.sys -- (ss_mdfl)

DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversVX1000.sys -- (VX1000)

DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAPLMp50.sys -- (APLMp50)

DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesDScalerDSDrv4.sys -- (DSDrv4)

DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32npptNT2.sys -- (NPPTNT2)

DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversASACPI.sys -- (MTsensor)

DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspfc.sys -- (pfc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.be/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data]

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243"

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q="

 

FF - [email protected]adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll ()

FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/OfficeLive,version=1.3: C:Program FilesMicrosoftOffice LivenpOLW.dll (Microsoft Corp.)

FF - [email protected]/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011/10/30 16:01:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins

 

[2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaExtensions

[2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaFirefoxProfileshefq8rku.defaultextensions

[2011/11/03 14:46:17 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions

[2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/11/03 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF

[2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION

[2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml

[2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml

[2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml

[2010/01/01 09:00:00 | 000,001,111 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml

[2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll

CHR - plugin: Microsoft® DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program FilesiTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0

CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0

 

O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 16309 more lines...

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.)

O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation)

O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe ()

O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.)

O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation)

O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.)

O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service)

O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found

O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ()

O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe ()

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/03 14:48:47 | 000,000,000 | ---D | C] -- C:Program FilesESET

[2011/11/03 14:46:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataSun

[2011/11/03 14:46:23 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava

[2011/11/03 14:46:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32deployJava1.dll

[2011/11/03 14:46:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaws.exe

[2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaw.exe

[2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32java.exe

[2011/11/03 14:36:18 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sMalwarebytes' Anti-Malware

[2011/11/03 14:36:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys

[2011/11/03 14:36:14 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware

[2011/11/03 14:35:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe

[2011/11/03 14:31:22 | 000,000,000 | ---D | C] -- C:_OTL

[2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend

[2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW

[2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW

[2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer

[2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer

[2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis

[2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop

[2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC

[2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads

[2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link

[2011/10/30 07:15:34 | 000,779,136 | ---- | C] (Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys

[2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll

[2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link

[2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice

[2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice

[2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp

[2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps

[2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice

[2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/05 15:27:55 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/05 15:27:46 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/11/05 15:25:08 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2011/11/05 15:25:07 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job

[2011/11/05 15:25:07 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/05 15:25:07 | 000,000,276 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/11/05 15:25:06 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/11/05 15:23:32 | 000,000,424 | -H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job

[2011/11/05 15:18:21 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2011/11/05 15:17:34 | 000,708,380 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat

[2011/11/05 15:17:34 | 000,608,586 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2011/11/05 15:17:34 | 000,187,392 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat

[2011/11/05 15:17:34 | 000,144,254 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2011/11/05 15:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job

[2011/11/03 16:40:10 | 000,039,570 | ---- | M] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG

[2011/11/03 14:36:18 | 000,000,784 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk

[2011/11/03 14:35:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe

[2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe

[2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job

[2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr

[2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladSafari.lnk

[2011/10/30 18:25:42 | 000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk

[2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk

[2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat

[2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job

[2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url

[2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk

[2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIRfsClientNP.dll

[2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll

[2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll

[1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/03 16:40:10 | 000,039,570 | ---- | C] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG

[2011/11/03 14:36:18 | 000,000,784 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk

[2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk

[2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip

[2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk

[2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url

[2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job

[2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk

[2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk

[2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F}

[2011/10/30 07:16:16 | 000,315,392 | ---- | C] () -- C:WINDOWSSystem32ANPDApi.dll

[2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS

[2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- C:WINDOWSSystem32ANPD.VXD

[2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS

[2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat

[2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk

[2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk

[2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll

[2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll

[2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll

[2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll

[2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll

[2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe

[2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini

[2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll

[2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll

[2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc

[2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini

[2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat

[2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat

[2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll

[2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat

[2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- C:WINDOWSSystem32ezsidmv.dat

[2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini

[2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- C:WINDOWSSystem32nvdata.bin

[2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll

[2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe

[2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat

[2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys

[2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe

[2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe

[2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe

[2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI

[2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll

[2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt

[2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys

[2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat

[2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat

[2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat

[2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll

[2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys

[2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp64.sys

[2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys

[2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- C:WINDOWSAscd_log.ini

[2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys

[2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini

[2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS

[2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll

[2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe

[2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll

[2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe

[2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll

[2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll

[2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe

[2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelFrench.dll

[2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll

[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll

[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin

[2004/08/04 13:00:00 | 000,708,380 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat

[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat

[2004/08/04 13:00:00 | 000,608,586 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat

[2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat

[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat

[2004/08/04 13:00:00 | 000,187,392 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat

[2004/08/04 13:00:00 | 000,144,254 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat

[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin

[2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat

[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat

[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat

[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat

[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin

[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys

 

========== LOP Check ==========

 

[2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119

[2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataActivision

[2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess

[2011/08/10 19:26:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ

[2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO

[2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure

[2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice

[2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo

[2011/11/05 14:39:18 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn

[2011/11/04 17:06:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop

[2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat

[2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP

[2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp

[2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft

[2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems

[2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/11/08 09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision

[2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi

[2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft

[2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems

[2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job

[2011/11/05 15:23:32 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.* >

[2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT

[2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini

[2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin

[2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log

[2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS

[2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log

[2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml

[2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log

[2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat

[2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif

[2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS

[2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS

[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM

[2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr

[2011/11/05 15:18:16 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys

[2009/05/22 08:07:45 | 000,001,589 | ---- | M] () -- C:RHDSetup.log

 

< %systemroot%Fonts*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont

[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

 

< %systemroot%Fonts*.ini >

[2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

[2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL

[2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll

[2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll

[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

[2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

[2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >


Hello gagaman

 

Thank you for the logs.

 

OTL is removing those entries but they are still being recreated.

  • Combofix

  • Download ComboFix from one of the following locations:

     

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


Hello JonTom,

 

Does this machine have an extra (D) drive attached?

I missed this a few posts back :facepalm: ... This computer has 1 HD divided into two partitions: c:/ with the OS and programs and d:/ with the data.

 

Here is the

 

Combofixlog

 

ComboFix 11-11-05.02 - mama 05/11/2011 17:30:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2559 [GMT 1:00]

Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:documents and settingsAll UsersApplication DataTEMP

c:windowsjestertb.dll

d:documents and settingsmamaMijn documenten~WRL0005.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-05 to 2011-11-05 ))))))))))))))))))))))))))))))

.

.

2011-11-05 16:26 . 2011-11-05 16:26 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}offreg.dll

2011-11-05 16:26 . 2011-10-07 03:48 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}mpengine.dll

2011-11-03 13:48 . 2011-11-03 13:48 -------- d-----w- c:program filesESET

2011-11-03 13:46 . 2011-11-03 13:46 -------- d-----w- c:program filesCommon FilesJava

2011-11-03 13:46 . 2011-10-03 04:06 472808 ----a-w- c:windowssystem32deployJava1.dll

2011-11-03 13:36 . 2011-11-03 13:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-11-03 13:36 . 2011-08-31 16:00 22216 ----a-w- c:windowssystem32driversmbam.sys

2011-11-03 13:31 . 2011-11-03 13:31 -------- d-----w- C:_OTL

2011-11-02 10:25 . 2011-11-05 14:58 -------- d--h--r- c:documents and settingsmamaOnlangs geopend

2011-11-01 11:01 . 2011-11-01 11:01 -------- d-----w- c:program filesSIW

2011-10-30 20:44 . 2011-10-30 20:44 388096 ----a-r- c:documents and settingsmamaApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2011-10-30 20:44 . 2011-10-30 20:44 -------- d-----w- c:program filesTrend Micro

2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:documents and settingsAll UsersApplication DataPCPitstopDat

2011-10-30 08:56 . 2011-10-30 08:56 -------- d--h--r- c:documents and settingsAdministratorOnlangs geopend

2011-10-30 08:54 . 2011-10-30 08:54 -------- d-sh--w- c:documents and settingsAdministratorIECompatCache

2011-10-30 08:53 . 2011-10-30 08:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduitEngine

2011-10-30 06:16 . 2011-10-30 06:16 48640 ----a-w- c:windowssystem32ANPD64.SYS

2011-10-30 06:16 . 2011-10-30 06:16 34008 ----a-w- c:windowssystem32ANPD.VXD

2011-10-30 06:16 . 2011-10-30 06:16 315392 ----a-w- c:windowssystem32ANPDApi.dll

2011-10-30 06:16 . 2011-10-30 06:16 29411 ----a-w- c:windowssystem32ANPD.SYS

2011-10-30 06:15 . 2009-09-15 13:09 779136 ----a-w- c:windowssystem32driversDrt2870.sys

2011-10-30 06:15 . 2009-09-15 13:08 221184 ----a-w- c:windowssystem32RaCoInst.dll

2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:program filesD-Link

2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:documents and settingsAdministratorApplication DataInstallShield

2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataUlead Systems

2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataApple Computer

2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:documents and settingsAll UsersApplication DataHEMA Fotoservice

2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:program filesHEMA Fotoservice

2011-10-13 17:56 . 2011-10-19 13:58 -------- d-----w- c:documents and settingsAll UsersApplication Datatmp

2011-10-13 17:56 . 2011-10-13 17:56 -------- d-----w- c:documents and settingsAll UsersApplication Datahps

2011-10-13 17:55 . 2011-10-13 17:55 -------- d-----w- c:program filesbol.com

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-02 13:11 . 2011-06-07 16:11 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-08 06:50 . 2009-05-22 20:24 52096 ----a-w- c:windowssystem32Spoolprtprocsw32x86LMIproc.dll

2011-10-08 06:50 . 2009-05-22 20:24 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll

2011-10-08 06:50 . 2009-05-22 20:24 30592 ----a-w- c:windowssystem32LMIport.dll

2011-10-08 06:50 . 2009-05-22 20:24 87424 ----a-w- c:windowssystem32LMIinit.dll

2011-10-07 03:48 . 2011-06-13 18:01 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2011-10-03 01:37 . 2009-06-03 16:08 73728 ----a-w- c:windowssystem32javacpl.cpl

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:windowssystem32uiautomationcore.dll

2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:windowssystem32oleaccrc.dll

2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:windowssystem32oleacc.dll

2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:windowssystem32crypt32.dll

2011-09-06 14:09 . 2004-08-04 12:00 1859072 ----a-w- c:windowssystem32win32k.sys

2011-08-22 23:41 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll

2011-08-22 23:41 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-08-22 23:41 . 2004-08-04 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl

2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec

2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:windowssystem32driversafd.sys

2011-08-13 12:00 . 2011-08-11 12:40 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe

2011-04-14 16:57 . 2011-04-29 14:24 142296 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Skype"="c:program filesSkypePhoneSkype.exe" [2011-07-29 17361032]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Six Engine"="c:program filesASUSEPU-4 EngineFourEngine.exe" [2008-07-23 5625344]

"LogMeIn GUI"="c:program filesLogMeInx86LogMeInSystray.exe" [2008-07-24 63048]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]

"LifeCam"="c:program filesMicrosoft LifeCamLifeExp.exe" [2007-05-17 279912]

"VX1000"="c:windowsvVX1000.exe" [2007-04-10 709992]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 997920]

"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-06-07 421160]

"PWRISOVM.EXE"="c:program filesPowerISOPWRISOVM.EXE" [2011-06-15 307200]

"UVS10 Preload"="c:program filesUlead SystemsUlead VideoStudio SE DVDuvPL.exe" [2006-08-09 36864]

"WinDVR SchSvr"="c:program filesCommon FilesInterVideoSchSvrSchSvr.exe" [2003-06-06 151552]

"D-Link D-Link DWA-125"="c:program filesD-LinkDWA-125 revAAirGCFG.exe" [2009-10-19 995328]

"WZCSLDR2"="c:program filesD-LinkDWA-125 revAWZCSLDR2.exe" [2009-10-19 122880]

"Info Center"="c:program filesPCPitstopInfo CenterInfoCenter.exe" [2011-09-26 24216]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2011-07-27 434080]

.

c:documents and settingsmamaMenu StartProgramma'sOpstarten

SpywareGuard.lnk - c:program filesSpywareGuardsgmain.exe [2003-8-29 360448]

.

c:documents and settingsAll UsersMenu StartProgramma'sOpstarten

InterVideo WinCinema Manager.lnk - c:program filesInterVideoCommonBinWinCinemaMgr.exe [2011-8-13 131072]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-10-30 113024]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-09-22 05:43 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLMIinit]

2011-10-08 06:50 87424 ----a-w- c:windowssystem32LMIinit.dll

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]

path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhp psc 1000 series.lnk

backup=c:windowspsshp psc 1000 series.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]

path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhpoddt01.exe.lnk

backup=c:windowspsshpoddt01.exe.lnkCommon Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesMessengermsmsgs.exe"=

"c:WINDOWSDownloaded Program FilesPurpleBean.exe"=

"c:ijjiENGLISHu_sfsoldierfront.exe"=

"c:WINDOWSsystem32PnkBstrA.exe"=

"c:WINDOWSsystem32PnkBstrB.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe"=

"c:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe"=

"c:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe"=

"c:WINDOWSDownloaded Program FilesijjiOptimizer.exe"=

"c:Program FilesMicrosoft LifeCamLifeCam.exe"=

"c:Program FilesMicrosoft LifeCamLifeExp.exe"=

"c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe"=

"c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe"=

"c:Program FilesGoogleGoogle Earthclientgoogleearth.exe"=

"c:Program FilesWindows LiveMessengermsnmsgr.exe"=

"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=

"c:Program FilesWolfenstein - Enemy TerritoryET.exe"=

"c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesSafariSafari.exe"=

"c:Program FilesiTunesiTunes.exe"=

"c:Program FilesActivisionCall of Duty 2CoD2MP_s.exe"=

"c:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"=

"c:Program FilesSkypePhoneSkype.exe"=

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1620:UDP"= 1620:UDP:Windows Media Format SDK (wmplayer.exe)

"1621:UDP"= 1621:UDP:Windows Media Format SDK (wmplayer.exe)

"1624:UDP"= 1624:UDP:Windows Media Format SDK (wmplayer.exe)

.

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [14/05/2009 13:22 12880]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [14/05/2009 13:22 67664]

R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [12/06/2011 19:53 116608]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesEmsisoft Anti-Malwarea2service.exe [13/06/2011 16:44 3045688]

R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [30/10/2011 7:16 29411]

R2 LMIGuardianSvc;LMIGuardianSvc;c:program filesLogMeInx86LMIGuardianSvc.exe [5/10/2010 11:45 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:program filesLogMeInx86rainfo.sys [24/07/2008 17:46 12856]

S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys [?]

S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys [?]

S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys [?]

S3 a2acc;a2acc;c:program filesEmsisoft Anti-Malwarea2accx86.sys [13/06/2011 16:44 73728]

S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [22/05/2009 8:06 1691480]

S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesD-LinkDWA-125 revAANIWZCSdS.exe [30/10/2011 7:16 126976]

S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesD-LinkDWA-125 revAANIWConnService.exe [30/10/2011 7:16 40960]

S3 gupdate;Google Updateservice (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664]

S3 gupdatem;Google Update-service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664]

S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [6/11/2007 21:22 34064]

S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [30/10/2011 17:53 91816]

S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [14/05/2009 13:22 12872]

S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [10/08/2011 18:03 805632]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-25 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 15:57]

.

2009-06-04 c:windowsTasksFRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4243881968.job

- c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-09 15:56]

.

2011-11-05 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04]

.

2011-11-05 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04]

.

2011-11-05 c:windowsTasksMP Scheduled Scan.job

- c:program filesMicrosoft Security ClientAntimalwareMpCmdRun.exe [2011-04-27 13:39]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:documents and settingsmamaApplication DataMozillaFirefoxProfileshefq8rku.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-SunJavaUpdateSched - c:program filesJavajre6binjusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-05 17:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]

"ImagePath"="c:windowssystem32GameMon.des -service"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(708)

c:program filesSUPERAntiSpywareSASWINLO.DLL

c:windowssystem32LMIinit.dll

c:windowssystem32LMIRfsClientNP.dll

.

Voltooingstijd: 2011-11-05 17:34:08

ComboFix-quarantined-files.txt 2011-11-05 16:34

.

Pre-Run: 34.522.189.824 bytes beschikbaar

Post-Run: 34.536.259.584 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - CA85724A274B0042712D6BF867B5845A

Edited by gagaman

Hello gagaman

  • Please work through the following steps

  • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the quotebox below into the open Notepad window:

     

    Firefox::

    FF - ProfilePath - c:\documents and settings\mama\Application Data\Mozilla\Firefox\Profiles\hefq8rku.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=

     

     

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

     

    Posted Image

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.

Hello JonTom,

 

Thanks for your reply. I hope I did it right. When I dropped the Notepad file on ComboFix, ComboFix asked to update to a newer version... I clicked OK. Then ComboFix seemed to update and did the job.

 

Combofixlog

 

ComboFix 11-11-06.01 - mama 06/11/2011 17:10:31.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2626 [GMT 1:00]

Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe

gebruikte Opdracht switches :: c:documents and settingsmamaBureaubladCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))

.

.

2011-11-06 16:05 . 2011-11-06 16:05 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}offreg.dll

2011-11-05 16:26 . 2011-10-07 03:48 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}mpengine.dll

2011-11-03 13:48 . 2011-11-03 13:48 -------- d-----w- c:program filesESET

2011-11-03 13:46 . 2011-11-03 13:46 -------- d-----w- c:program filesCommon FilesJava

2011-11-03 13:46 . 2011-10-03 04:06 472808 ----a-w- c:windowssystem32deployJava1.dll

2011-11-03 13:36 . 2011-11-03 13:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-11-03 13:36 . 2011-08-31 16:00 22216 ----a-w- c:windowssystem32driversmbam.sys

2011-11-03 13:31 . 2011-11-03 13:31 -------- d-----w- C:_OTL

2011-11-02 10:25 . 2011-11-06 16:07 -------- d--h--r- c:documents and settingsmamaOnlangs geopend

2011-11-01 11:01 . 2011-11-01 11:01 -------- d-----w- c:program filesSIW

2011-10-30 20:44 . 2011-10-30 20:44 388096 ----a-r- c:documents and settingsmamaApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2011-10-30 20:44 . 2011-10-30 20:44 -------- d-----w- c:program filesTrend Micro

2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:documents and settingsAll UsersApplication DataPCPitstopDat

2011-10-30 08:56 . 2011-10-30 08:56 -------- d--h--r- c:documents and settingsAdministratorOnlangs geopend

2011-10-30 08:54 . 2011-10-30 08:54 -------- d-sh--w- c:documents and settingsAdministratorIECompatCache

2011-10-30 08:53 . 2011-10-30 08:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduitEngine

2011-10-30 06:16 . 2011-10-30 06:16 48640 ----a-w- c:windowssystem32ANPD64.SYS

2011-10-30 06:16 . 2011-10-30 06:16 34008 ----a-w- c:windowssystem32ANPD.VXD

2011-10-30 06:16 . 2011-10-30 06:16 315392 ----a-w- c:windowssystem32ANPDApi.dll

2011-10-30 06:16 . 2011-10-30 06:16 29411 ----a-w- c:windowssystem32ANPD.SYS

2011-10-30 06:15 . 2009-09-15 13:09 779136 ----a-w- c:windowssystem32driversDrt2870.sys

2011-10-30 06:15 . 2009-09-15 13:08 221184 ----a-w- c:windowssystem32RaCoInst.dll

2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:program filesD-Link

2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:documents and settingsAdministratorApplication DataInstallShield

2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataUlead Systems

2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataApple Computer

2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:documents and settingsAll UsersApplication DataHEMA Fotoservice

2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:program filesHEMA Fotoservice

2011-10-13 17:56 . 2011-10-19 13:58 -------- d-----w- c:documents and settingsAll UsersApplication Datatmp

2011-10-13 17:56 . 2011-10-13 17:56 -------- d-----w- c:documents and settingsAll UsersApplication Datahps

2011-10-13 17:55 . 2011-10-13 17:55 -------- d-----w- c:program filesbol.com

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-02 13:11 . 2011-06-07 16:11 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-08 06:50 . 2009-05-22 20:24 52096 ----a-w- c:windowssystem32Spoolprtprocsw32x86LMIproc.dll

2011-10-08 06:50 . 2009-05-22 20:24 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll

2011-10-08 06:50 . 2009-05-22 20:24 30592 ----a-w- c:windowssystem32LMIport.dll

2011-10-08 06:50 . 2009-05-22 20:24 87424 ----a-w- c:windowssystem32LMIinit.dll

2011-10-07 03:48 . 2011-06-13 18:01 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2011-10-03 01:37 . 2009-06-03 16:08 73728 ----a-w- c:windowssystem32javacpl.cpl

2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:windowssystem32uiautomationcore.dll

2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:windowssystem32oleaccrc.dll

2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:windowssystem32oleacc.dll

2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:windowssystem32crypt32.dll

2011-09-06 14:09 . 2004-08-04 12:00 1859072 ----a-w- c:windowssystem32win32k.sys

2011-08-22 23:41 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll

2011-08-22 23:41 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-08-22 23:41 . 2004-08-04 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl

2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec

2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:windowssystem32driversafd.sys

2011-08-13 12:00 . 2011-08-11 12:40 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe

2011-04-14 16:57 . 2011-04-29 14:24 142296 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

.

.

((((((((((((((((((((((((((((( [email protected]_16.33.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-06 16:05 . 2011-11-06 16:05 16384 c:windowsTempPerflib_Perfdata_104.dat

- 2011-11-05 16:15 . 2011-11-05 16:15 16384 c:windowsTempPerflib_Perfdata_104.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Skype"="c:program filesSkypePhoneSkype.exe" [2011-07-29 17361032]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Six Engine"="c:program filesASUSEPU-4 EngineFourEngine.exe" [2008-07-23 5625344]

"LogMeIn GUI"="c:program filesLogMeInx86LogMeInSystray.exe" [2008-07-24 63048]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]

"LifeCam"="c:program filesMicrosoft LifeCamLifeExp.exe" [2007-05-17 279912]

"VX1000"="c:windowsvVX1000.exe" [2007-04-10 709992]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 997920]

"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-06-07 421160]

"PWRISOVM.EXE"="c:program filesPowerISOPWRISOVM.EXE" [2011-06-15 307200]

"UVS10 Preload"="c:program filesUlead SystemsUlead VideoStudio SE DVDuvPL.exe" [2006-08-09 36864]

"WinDVR SchSvr"="c:program filesCommon FilesInterVideoSchSvrSchSvr.exe" [2003-06-06 151552]

"D-Link D-Link DWA-125"="c:program filesD-LinkDWA-125 revAAirGCFG.exe" [2009-10-19 995328]

"WZCSLDR2"="c:program filesD-LinkDWA-125 revAWZCSLDR2.exe" [2009-10-19 122880]

"Info Center"="c:program filesPCPitstopInfo CenterInfoCenter.exe" [2011-09-26 24216]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2011-07-27 434080]

.

c:documents and settingsmamaMenu StartProgramma'sOpstarten

SpywareGuard.lnk - c:program filesSpywareGuardsgmain.exe [2003-8-29 360448]

.

c:documents and settingsAll UsersMenu StartProgramma'sOpstarten

InterVideo WinCinema Manager.lnk - c:program filesInterVideoCommonBinWinCinemaMgr.exe [2011-8-13 131072]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-10-30 113024]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-09-22 05:43 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLMIinit]

2011-10-08 06:50 87424 ----a-w- c:windowssystem32LMIinit.dll

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk]

path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhp psc 1000 series.lnk

backup=c:windowspsshp psc 1000 series.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]

path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhpoddt01.exe.lnk

backup=c:windowspsshpoddt01.exe.lnkCommon Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesMessengermsmsgs.exe"=

"c:WINDOWSDownloaded Program FilesPurpleBean.exe"=

"c:ijjiENGLISHu_sfsoldierfront.exe"=

"c:WINDOWSsystem32PnkBstrA.exe"=

"c:WINDOWSsystem32PnkBstrB.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe"=

"c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe"=

"c:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe"=

"c:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe"=

"c:WINDOWSDownloaded Program FilesijjiOptimizer.exe"=

"c:Program FilesMicrosoft LifeCamLifeCam.exe"=

"c:Program FilesMicrosoft LifeCamLifeExp.exe"=

"c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe"=

"c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe"=

"c:Program FilesGoogleGoogle Earthclientgoogleearth.exe"=

"c:Program FilesWindows LiveMessengermsnmsgr.exe"=

"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=

"c:Program FilesWolfenstein - Enemy TerritoryET.exe"=

"c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesSafariSafari.exe"=

"c:Program FilesiTunesiTunes.exe"=

"c:Program FilesActivisionCall of Duty 2CoD2MP_s.exe"=

"c:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"=

"c:Program FilesSkypePhoneSkype.exe"=

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1620:UDP"= 1620:UDP:Windows Media Format SDK (wmplayer.exe)

"1621:UDP"= 1621:UDP:Windows Media Format SDK (wmplayer.exe)

"1624:UDP"= 1624:UDP:Windows Media Format SDK (wmplayer.exe)

.

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [14/05/2009 13:22 12880]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [14/05/2009 13:22 67664]

R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [12/06/2011 19:53 116608]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesEmsisoft Anti-Malwarea2service.exe [13/06/2011 16:44 3045688]

R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [30/10/2011 7:16 29411]

R2 LMIGuardianSvc;LMIGuardianSvc;c:program filesLogMeInx86LMIGuardianSvc.exe [5/10/2010 11:45 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:program filesLogMeInx86rainfo.sys [24/07/2008 17:46 12856]

S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys [?]

S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys [?]

S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys [?]

S3 a2acc;a2acc;c:program filesEmsisoft Anti-Malwarea2accx86.sys [13/06/2011 16:44 73728]

S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [22/05/2009 8:06 1691480]

S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesD-LinkDWA-125 revAANIWZCSdS.exe [30/10/2011 7:16 126976]

S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesD-LinkDWA-125 revAANIWConnService.exe [30/10/2011 7:16 40960]

S3 gupdate;Google Updateservice (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664]

S3 gupdatem;Google Update-service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664]

S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [6/11/2007 21:22 34064]

S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [30/10/2011 17:53 91816]

S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [14/05/2009 13:22 12872]

S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [10/08/2011 18:03 805632]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-25 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 15:57]

.

2009-06-04 c:windowsTasksFRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4243881968.job

- c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-09 15:56]

.

2011-11-06 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04]

.

2011-11-05 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04]

.

2011-11-06 c:windowsTasksMP Scheduled Scan.job

- c:program filesMicrosoft Security ClientAntimalwareMpCmdRun.exe [2011-04-27 13:39]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

TCP: DhcpNameServer = 195.130.130.4 195.130.131.4

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:documents and settingsmamaApplication DataMozillaFirefoxProfileshefq8rku.default

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - about:home

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-06 17:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]

"ImagePath"="c:windowssystem32GameMon.des -service"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(708)

c:program filesSUPERAntiSpywareSASWINLO.DLL

c:windowssystem32LMIinit.dll

c:windowssystem32LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3008)

c:windowssystem32webcheck.dll

c:windowssystem32WPDShServiceObj.dll

c:windowssystem32PortableDeviceTypes.dll

c:windowssystem32PortableDeviceApi.dll

.

Voltooingstijd: 2011-11-06 17:16:45

ComboFix-quarantined-files.txt 2011-11-06 16:16

ComboFix2.txt 2011-11-05 16:34

.

Pre-Run: 34.592.882.688 bytes beschikbaar

Post-Run: 34.581.741.568 bytes beschikbaar

.

- - End Of File - - 14E0B88EFB3CC5716D4D3F71F4904C67


Hello gagaman

 

I hope I did it right

You did it just fine :)

 

When I dropped the notepad file on combofix, combofix asked to update to a newer version... I clicked ok. Then combofix seemed to update and did the job.

That's normal procedure when an update is available - you did the right thing by allowing it to install.

 

The new ComboFix log looks good to me - no more signs of babylon :)

 

Provided you are no longer experiencing any other problems I think we can remove our tools:

  • Please Uninstall Combofix

    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall"; it needs to be there.
  • Please perform the following cleanup procedure

    • Double click on the OTL.exe icon on your desktop to run the program.
    • Once OTL has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.
  • Your Adobe Reader is out of date

    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.

    It's a little slow at startup, but I will check the services that load at startup and disable the ones that are not necessary. Will do this after you declared this machine clean.

    The following may be helpful:
  • Defragment your hard drive

  • StartupLite

    • You may wish to try StartupLite. Simply download this tool to your desktop and run it.
    • It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup.
    • This will result in fewer programs running when you boot your system, and should improve performance.
    • You can find it here: http://www.malwareby...startuplite.php
    More information can be found in the link below:

     

    http://www.bleepingc...ndpost&p=487112

     

     

    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • You can download Firefox from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.

Hello jonTom,

 

Thanks for your time and efforts to help me with this computer. Really appreciated!!

 

I will pass your final advice to the lady who owns this pc.

 

regards

gagaman


Thanks for your time and efforts to help me with this computer. Really appreciated!!

I will pass your final advice to the lady who owns this pc.

You are both Very Welcome :)

 

Best wishes

JonTom
